D-Link DWS-1008 User Manual page 54
Wireless 8 port switch with poe
Hide thumbs
Also See for DWS-1008:
- Cli reference manual (531 pages) ,
- Product manual (502 pages) ,
- Installation manual (17 pages)
Table of Contents
Advertisement
DWS-1008 User's Manual
Configuring EAP Offload with Server Authentication
You can configure a DWS-1008 switch to perform all EAP processing locally and use RADIUS
servers for authentication and authorization. To configure the DWS-1008 switch to perform
EAP processing locally and use RADIUS servers for MS-CHAP-V2:
1. Install server certificates on the switch. You can install certificates assigned by a CA
or generate self-signed certificate on the switch.
2. Configure the RADIUS servers and add them to server group. You must configure a
server group even if you have only one server.
3. Set the 802.1X authentication protocol to PEAP-MS-CHAP-V2. With this protocol
setting, the switch performs EAP locally and uses a RADIUS server to complete the
process by performing authentication and authorization with MS-CHAP-V2.
Configuring the Authentication Protocol for Offload Authentication
To configure the authentication protocol for 802.1X users, use the following command. A
user glob represents a set of users.
set authentication dot1x {ssid ssid-name | wired} user-glob [bonded]
protocol method1 [method2] [method3] [method4]
To verify the change, use the following command:
show aaa
The following command configures a switch to authenticate users in the EXAMPLE Windows
domain who request access to SSID private_wlan, by processing EAP locally on the switch,
and by using a RADIUS server in server group grp1 for MS-CHAP-V2 authentication and
authorization:
DWS-1008#set authentication dot1x ssid private_wlan EXAMPLE\* peap-mschapv2 grp1
success: change accepted.
Note: The asterisk in this example is a wildcard. You cannot use a wildcard to represent
the delimiter characters in user globs, which are the at sign (@) and the dot (.). To match a
username that contains a delimiter, you must specify the delimiter in the user glob as shown
in these examples. Alternatively, use a double asterisk (**) with no delimiters to match all
usernames.
If you have more than one authentication rule, add the rules in the order you want MSS to
use them. For example, add the most specific rules first and the most general rules (rules
that match most widely) last.
D-Link Systems, Inc.
Configuration (continued)
Configuration
49
Advertisement
Table of Contents
